New Mac Trojan horse masquerades as virus scanner

By and large, Mac users have been able to escape the onslaught of malware that their Windows counterparts suffer from. But every once in a while, a piece of nastiness slips into the wild. The latest offender is a Trojan horse by the name of MAC Defender, which purports to be a virus-scanning application. In fact, it does little more than encourage users to give up their credit card information.

Once installed, the program apparently pretends to detect viruses and opens Web browser windows with pornographic sites, to help sell the charade that the computer is infected. It also configures itself to launch at startup and is difficult to quit as it only appears as a menu bar icon and not in OS X’s Dock.

If users try to clean the viruses, they first have to register MAC Defender; clicking on the link to do so via the program’s About screen takes them to an unsecure Website that offers a 1-year, 2-year, or lifetime license to the program for $60, $70, or $80 respectively. Registering halts the virus warnings, thus “confirming” that the program is working.

As nefarious as MAC Defender might be, the level of concern over infection remains low: Users must be tricked into downloading and installing the program, as well as entering their administrator password.

As with the rare Mac malware threats that have arisen in the past, the best defense against a Trojan horse like MAC Defender is education and common sense. There’s no need to panic, as long as you’re taking the usual proper precautions while browsing the Web. For example, users should uncheck Safari’s ‘Open “safe” files after downloading’ option in the General pane of its Preferences, which prevents files like ZIP archives from automatically being opened. And, of course, they should always be wary of installing any application from an unknown source.